Office 365 Data Protection

More and more companies are making the jump to Office 365, moving from their on-premises Exchange, SharePoint, and Skype for Business environments. According to Microsoft, as of October 2017, Office 365 commercial monthly active users was at 120 million, up 20 million from April of 2017. Microsoft expects to have two-thirds of its Office business customers in the cloud by some time in its fiscal 2019.

 

For the sake of this article, lets focus just on the Exchange Online (or email) service of Office 365.

 

When implementing Exchange server on-premises, would you include an enterprise backup/restore solution? Of course, you would. In fact, there might be several data protection/high availability strategies you would employ to the environment. Exchange database backup and recovery, single item recovery, Database Availability Group (DAG), business resumption and disaster recovery to name a few.

 

Let’s take a look at a few of these strategies which are included in Exchange Online natively.

 

Exchange Online provides Mailbox Replication at Data Centers for high availability of the Exchange database. Exchange Online mailboxes are continually replicated to multiple database copies, in geographically dispersed Microsoft data centers. This provides data restoration capability in the event of site or hardware failure.

 

Recoverable Items folders are available at both the mailbox and item level.

 

Deleted Mailbox Recovery – When a mailbox is deleted, Exchange Online retains the mailbox and its contents for 30 days by default. After 30 days, the mailbox is not recoverable. A recovered mailbox contains all of the data stored in it at the time it was deleted. Administrators can recover a deleted mailbox within the retention period setting.

 

Deleted Item Recovery – Exchange Online enables users to restore items they have deleted from any email folder, including the Deleted Items folder. When an item is deleted, it’s kept in a user’s Deleted Items folder. It remains there until it’s either manually removed by the user or automatically removed by retention policies. After an item is removed from the Deleted Items folder, it’s kept in a Recoverable Items folder for an additional 14 days before being permanently removed (administrators can increase this to a maximum of 30 days).

 

A user is still in control of the data, i.e. they have the ability to purge their own Recoverable Items folder at any time. Microsoft’s answer to this is Litigation Hold, which copies all mailbox items to an immutable area (hidden from Recoverable Items). The items remain there in an unchanged state until the Litigation Hold age is reached, or in the case where that age is set to indefinite, till the administrator says so.

 

While these are all great features built-in to Exchange Online, what happens when data loss occurs due to user error, hacking, or malicious acts? There is not a complete backup and restore solution provided by Microsoft for Exchange Online, or Office 365 for that fact. Again, these strategies above will not protect users from data loss. Microsoft puts many safeguards in place so that customers do not lose data, however, they do not specialize in data backup and recovery.

 

 

Microsoft published a white paper in April 2017 called Shared Responsibilities for Cloud Computing. Here are a few of the findings from the white paper.

 

“As organizations consider and evaluate public cloud services, it is essential to explore how different cloud service models will affect cost, ease of use, privacy, security and compliance. It is equally important that customers consider how security and compliance are managed by the cloud solution provider (CSP) who will enable a safe computing solution. In addition, many organizations that consider public cloud computing mistakenly assume that after moving to the cloud their role in securing their data shifts most security and compliance responsibilities to the CSP. “

 

“Cloud providers by design should provide security for certain elements, such as the physical infrastructure and network elements, but customers must be aware of their own responsibilities. CSPs may provide services to help protect data, but customers must also understand their role in protecting the security and privacy of their data.”

 

The following table is featured in this white paper which shows the shared responsibilities for different cloud service models:

 

 

 

 

Microsoft has defined the responsibilities of the provider and the customer. Office 365 falls under IaaS (Infrastructure as a Service). Data protection would fall under the Data classification and accountability responsibility. The majority of customers assume that Microsoft is backing up their data. However, just like Exchange on-premises, there is no backup or restore built-in. Microsoft clearly puts the issue of data protection squarely on the customer.

 

So, what is a customer to do?

 

Luckily, most of the enterprise backup software providers have compatibility for Office 365. There are also several vendors who make backup and restore specifically for Office 365 which can be found in the Azure Marketplace that provide a wide array of features, such as where to store the backups (cloud vs. on-premises), archive solutions, and single-mailbox recovery.

 

In conclusion, Microsoft has explicitly stated in their Shared Responsibility for Cloud Computing white paper that they are responsible for keeping the cloud services available, which does not include traditional backup and recovery of the data. Don’t make the same assumption many Office 365 customers have. Treat Office 365 data like any other data; it needs to be backed up.

 

 

 

Categories

Search

Search for:

Blog Categories

• Backup and Disaster Recovery
• Cloud Solutions
• Converged Infrastructure
• News
• Video Analytics
• Wireless Networking
• Events
• Support and maintenance

Related Resources

• Aruba Related Resources
  • Aruba 802.11ax
  • Aruba Access Points
  • Aruba Central and SD-WAN
  • Aruba ClearPass
  • Aruba ESP
  • Aruba Intelligent Edge Switches
• HPE Related Resources
  • HPE Apollo Servers
  • HPE Nimble
  • HPE SimpliVity
  • HPE StoreOnce
• Qumulo Related Resources
• Veeam Related Resources
• Zerto Related Resources

Archives

• April 2024
• March 2024
• January 2024
• October 2023
• September 2023
• August 2023
• July 2023
• June 2023
• May 2023
• April 2023
• March 2023
• February 2023
• January 2023
• October 2022
• July 2022
• June 2022
• May 2022
• April 2022
• March 2022
• February 2022
• January 2022
• December 2021
• November 2021
• October 2021
• September 2021
• August 2021
• July 2021
• June 2021
• May 2021
• April 2021
• March 2021
• February 2021
• January 2021
• December 2020
• November 2020
• October 2020
• September 2020
• August 2020
• July 2020
• June 2020
• May 2020
• April 2020
• March 2020
• February 2020
• January 2020
• December 2019
• November 2019
• October 2019
• September 2019
• August 2019
• July 2019
• June 2019
• May 2019
• April 2019
• March 2019
• February 2019
• January 2019
• December 2018
• November 2018
• October 2018
• September 2018
• August 2018
• July 2018
• June 2018
• May 2018
• April 2018
• March 2018
• February 2018
• January 2018
• December 2017
• November 2017
• October 2017
• September 2017
• August 2017
• July 2017
• June 2017
• May 2017
• April 2017
• March 2017
• February 2017
• January 2017
• December 2016
• November 2016
• October 2016
• September 2016
• August 2016
• July 2016
• June 2016
• May 2016
• March 2016
• February 2016
• January 2016
• December 2015
• October 2015
• September 2015
• August 2015
• July 2015
• June 2015
• May 2015
• April 2015
• March 2015
• February 2015
• January 2014
• February 2013

Social